Turn that WiFi off! WiFi is for victims only.

Post Meta

A few weeks ago, we talked about how easy it is to steal data over WiFi. We even did a demonstration with a device called a WiFi Pineapple and program called Karma to prove it. Now a new set of tools called MANA has been released that makes it even easier for the bad guys to launch attacks that steal your data over compromised WiFi networks.

The Pineapple and Karma have actually be around for about ten years, but they did not present much of a threat until mobile wireless devices began to proliferate. If you’re reading this, you’re probably carrying a wifi enabled device that is constantly putting out a signal, probing for familiar networks. Vendors and network administrators became aware of WiFi vulnerabilities and put new protections in place, enabling WPA2 encryption and hiding SSIDs. With these protections in place, wifi became harder (though still not impossible) to exploit.

MANA, released by a security research firm called Sensepost, is designed with an understanding of the common security measures most networks employ. Mana is designed to seamlessly defeat or bypass defenses to give bad guys access to your data.

Over the next few weeks, we’ll look more closely at how MANA works. But ultimately the release of these new tools confirms what we already know: When you connect via public WiFi, you’re at risk. Given enough time and resources, bad actors will find a way to thwart even the strongest defenses.

As we’ve said before, just turn off WiFi. Use your data plan on your cellular device. It’s cheaper than trying to fix a data breach. Or only join networks that you know are trusted, although even that, too, can be problematic. And using Silo to connect to the internet and sensitive apps insulates you from compromise.